Who says data privacy is a dull subject?

Privacy invasion is now one of our biggest knowledge industries. Marshall McLuhan (1911-1980)

I would update McLuhan’s observation to say that privacy invasion is our biggest knowledge industry, period. The struggle to preserve some core of privacy will likely continue through the lives of all people now living, and will result in changes to every aspect of human life.

We who work at the forefront of privacy regulation have a front-row seat on this epic drama. We will see the early results, whether it is GDPR slowing the currently-uncontrolled traffic in data and creating a walled privacy garden within the EU, or whether the rising tide of data, like rising sea levels, simply swamps the defenses.

It seems that every day brings new and bleak news of personal data passing out into the wilderness of the internet. At the same time, multitudes worldwide hand over their data without a second thought, while others are powerless to stop their data from being collected and sold.

Meanwhile, ads, spamming, phishing, spoofing, fraud, and impersonation continue to assault us, often guided and sharpened by the use of our personal data. Data sloshes around the world, endlessly copied, sold, stolen, and exploited for purposes ranging from the trivial to the life-ruining. For the moment, the victims are mostly people we don’t know (but maybe we simply haven’t found out yet).

Where is all of this leading? What kind of world will we live in where everyone who wants to know can find out when and where we were born, our parents’ names, our photo, email address and pretty much anything else that can be digitized?

I don’t know the answer to these questions, but those of us who are involved with data privacy will have an insider’s view of events as they unfold, and perhaps a chance to help turn the current data jungle into a productive garden.

What’s at stake

Although we’ve coasted into the Online Age, our concepts of identity are still fixed in the era of paper and documents as markers of identity. From the idea of a unique identity flow both rights (citizenship, social benefits) and obligations (taxes, military service) that define the individual’s place in society.

Clearly, the GDPR and other privacy legislation represents an effort to bring all of this under control, but can such legislation possibly prevail against the countervailing advantages (commercial, political, criminal, military) of having that data? We have few precedents for what is happening.

The Gutenberg Revolution

One precedent, though quite old and far from perfect, is the advent of printing with movable type, which ended the era of manuscripts and promoted far-reaching changes in society, including widespread literacy, the spread of knowledge, written vernacular languages (leading to the modern nation-state), and the ready availability of books, including the Bible, arguably a key element in the Protestant Reformation.

Before printing, books were rare and precious; if you were literate and had access to a valuable book, it was almost a duty to copy it. After printing, making copies was gradually restricted, even becoming a crime, as the laws of copyright and censorship developed to control the flow and content of printed material.

Today we find ourselves in a similar situation, but the timeline is much shorter and the effects even more pervasive. All the knowledge that the human race has accumulated is potentially available in an instant, as are the personal details of any human being who has any sort of online presence.

We risk losing ourselves in this rising sea of information before we’ve had time to invent and erect the barriers necessary to protect ourselves, or even to ascertain that effective barriers are possible. If privacy efforts fail, the society of the future is hard to imagine; what comes to mind for me is some mix of dystopian literature (maybe 1984 meets Brave New World), but the reality is unforeseeable.

Even the present, let alone the future, is difficult to see. The traffic in data takes place out of sight, in online tracking, hacking and theft, surreptitious monitoring by (it seems) everyone who has the means to do so, and sale to whomever is willing to pay. In short, the scope and dynamics of the problem in the present moment are hidden. We see a few well-publicized data leaks, but these may be simply the tip of the iceberg, as the number of concealed or undiscovered breaches must remain unknown.

Problem: data translates to money and power

For those who want to earn (or steal) money, data is an asset, a form of wealth that can, as McLuhan foresaw, have its value multiplied by combination with other data. In the hands of states, spy agencies, armies, or criminals, data is also power.

Like money, data has value, Like (modern) money, data can be transmitted anywhere in any quantity, almost instantly. As with money, efforts to regulate data will likely result in the spread of black-data markets and data havens (if they’re not already here). As with money, data exerts pressure to cheat, to steal, to bend the rules, to exploit loopholes and gray areas. (I expect a lot of corporate managers to be unhappy when we tell them all the things they can’t do under GDPR.)

The immense value and across-the-board advantages of possessing personal data (the more personal, the more valuable) generates an enormous and heterogeneous counter-force which will seek to undermine privacy efforts at every turn. Whether it turns out for good or ill, we will witness its unfolding.

Post navigation

Step 9 of the Belgian Privacy Commission’s guide to getting started with GDPR compliance concerns detecting, analyzing, and dealing with the fall-out of a data breach. The recent recall and re-issue of Estonia’s smartcard IDs brought home to me that public relations (PR) planning is an essential part of breach preparation, not to protect the […]